13 matches found
CVE-2024-11409
The Grid View Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input from the csallphotosdetails parameter. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a...
CVE-2024-11409
The Grid View Gallery WordPress plugin (versions
WordPress plugin Grid View Gallery code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in WordPres...
WordPress Grid View Gallery plugin <= 1.0 - Authenticated (Editor+) PHP Object Injection vulnerability
Authenticated Editor+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Grid View Gallery versions = 1.0...
WordPress Grid View Gallery Plugin <= 1.0 is vulnerable to PHP Object Injection
Software: Grid View Gallery; Type: Plugin; Vulnerable versions: = 1.0; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-11409; Patch priority: Medium; CVSS severity: Medium 7.2; Developer: Claim ownership; PSID: ccd9bf1d982e; Credits: Francesco Carlucci; Required privilege...
CVE-2013-4117
Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter...
CVE-2013-4117
Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter...
CVE-2013-4117
The WordPress plugin Category Grid View Gallery version 2.3.1 contains a cross-site scripting (XSS) vulnerability in includes/CatGridPost.php that can be triggered via the ID parameter. The underlying issue is insufficient input validation allowing arbitrary script/HTML to be injected into a user...
WordPress Plugin Category Grid View Gallery - 'ID' Cross-Site Scripting
source: https://www.securityfocus.com/bid/60905/info The Category Grid View Gallery plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser ...
WordPress Category Grid View Gallery Plugin - Cross Site Scripting
WordPress Category Grid View Gallery plugin's "ID" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker c...
WordPress Plugin timthumb.php Shell Upload
Exploit Title: Multiple Wordpress timthumb.php reuse vulnerabilities Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing --- Description --- The following Wordpress plugins reuse a vulnerable version of the timthumb.php library. By hosting a malicious GIF file...
Multiple WordPress Plugins - 'timthumb.php' File Upload
Exploit Title: Multiple Wordpress timthumb.php reuse vulnerabilities Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing --- Description --- The following Wordpress plugins reuse a vulnerable version of the timthumb.php library. By hosting a malicious GIF file...